coverage core + renames of fixtures

Author: HardMax71

.github/actions/docker-cache/action.yml

@@ -0,0 +1,59 @@
+name: 'Docker Image Cache'
+description: 'Cache and load Docker images for CI jobs'
+
+inputs:
+  images:
+    description: 'Space-separated list of Docker images to cache'
+    required: true
+
+runs:
+  using: 'composite'
+  steps:
+    - name: Generate cache key from images
+      id: cache-key
+      shell: bash
+      run: |
+        # Create a stable hash from the sorted image list
+        IMAGES_HASH=$(echo "${{ inputs.images }}" | tr ' ' '\n' | sort | md5sum | cut -d' ' -f1)
+        echo "key=docker-${{ runner.os }}-${IMAGES_HASH}" >> $GITHUB_OUTPUT
+
+    - name: Cache Docker images
+      uses: actions/cache@v5
+      id: docker-cache
+      with:
+        path: /tmp/docker-cache
+        key: ${{ steps.cache-key.outputs.key }}
+
+    - name: Load cached Docker images
+      if: steps.docker-cache.outputs.cache-hit == 'true'
+      shell: bash
+      run: |
+        echo "Loading cached images..."
+        for f in /tmp/docker-cache/*.tar.zst; do
+          zstd -d -c "$f" | docker load &
+        done
+        wait
+        docker images
+
+    - name: Pull and save Docker images
+      if: steps.docker-cache.outputs.cache-hit != 'true'
+      shell: bash
+      run: |
+        mkdir -p /tmp/docker-cache
+
+        echo "Pulling images in parallel..."
+        for img in ${{ inputs.images }}; do
+          docker pull "$img" &
+        done
+        wait
+
+        echo "Saving images with zstd compression..."
+        for img in ${{ inputs.images }}; do
+          # Create filename from image name (replace special chars)
+          filename=$(echo "$img" | tr '/:' '_')
+          docker save "$img" | zstd -T0 -3 > "/tmp/docker-cache/${filename}.tar.zst" &
+        done
+        wait
+
+        echo "Cache size:"
+        du -sh /tmp/docker-cache/

.github/workflows/backend-ci.yml

@@ -44,8 +44,6 @@ jobs:
 
       - name: Run unit tests
         timeout-minutes: 5
-        env:
-          COVERAGE_CORE: sysmon
         run: |
           cd backend
           uv run pytest tests/unit -v -rs \
@@ -70,46 +68,10 @@ jobs:
     steps:
       - uses: actions/checkout@v6
 
-      # ========== DOCKER IMAGE CACHING ==========
-      - name: Cache Docker images
-        uses: actions/cache@v5
-        id: docker-cache
+      - name: Cache and load Docker images
+        uses: ./.github/actions/docker-cache
         with:
-          path: /tmp/docker-cache
-          key: docker-${{ runner.os }}-${{ env.MONGO_IMAGE }}-${{ env.REDIS_IMAGE }}-${{ env.KAFKA_IMAGE }}-${{ env.SCHEMA_REGISTRY_IMAGE }}
-
-      - name: Load cached Docker images
-        if: steps.docker-cache.outputs.cache-hit == 'true'
-        run: |
-          echo "Loading cached images..."
-          for f in /tmp/docker-cache/*.tar.zst; do
-            zstd -d -c "$f" | docker load &
-          done
-          wait
-          docker images
-
-      - name: Pull and save Docker images
-        if: steps.docker-cache.outputs.cache-hit != 'true'
-        run: |
-          mkdir -p /tmp/docker-cache
-
-          echo "Pulling images in parallel..."
-          docker pull $MONGO_IMAGE &
-          docker pull $REDIS_IMAGE &
-          docker pull $KAFKA_IMAGE &
-          docker pull $SCHEMA_REGISTRY_IMAGE &
-          wait
-
-          echo "Saving images with zstd compression..."
-          docker save $MONGO_IMAGE | zstd -T0 -3 > /tmp/docker-cache/mongo.tar.zst &
-          docker save $REDIS_IMAGE | zstd -T0 -3 > /tmp/docker-cache/redis.tar.zst &
-          docker save $KAFKA_IMAGE | zstd -T0 -3 > /tmp/docker-cache/kafka.tar.zst &
-          docker save $SCHEMA_REGISTRY_IMAGE | zstd -T0 -3 > /tmp/docker-cache/schema-registry.tar.zst &
-          wait
-
-          echo "Cache size:"
-          du -sh /tmp/docker-cache/
-      # ==========================================
+          images: ${{ env.MONGO_IMAGE }} ${{ env.REDIS_IMAGE }} ${{ env.KAFKA_IMAGE }} ${{ env.SCHEMA_REGISTRY_IMAGE }}
 
       - name: Set up uv
         uses: astral-sh/setup-uv@v7
@@ -141,7 +103,6 @@ jobs:
           REDIS_HOST: localhost
           REDIS_PORT: 6379
           SCHEMA_SUBJECT_PREFIX: "ci.${{ github.run_id }}."
-          COVERAGE_CORE: sysmon
         run: |
           cd backend
           uv run pytest tests/integration -v -rs \
@@ -182,46 +143,10 @@ jobs:
     steps:
       - uses: actions/checkout@v6
 
-      # ========== DOCKER IMAGE CACHING ==========
-      - name: Cache Docker images
-        uses: actions/cache@v5
-        id: docker-cache
+      - name: Cache and load Docker images
+        uses: ./.github/actions/docker-cache
         with:
-          path: /tmp/docker-cache
-          key: docker-${{ runner.os }}-${{ env.MONGO_IMAGE }}-${{ env.REDIS_IMAGE }}-${{ env.KAFKA_IMAGE }}-${{ env.SCHEMA_REGISTRY_IMAGE }}
-
-      - name: Load cached Docker images
-        if: steps.docker-cache.outputs.cache-hit == 'true'
-        run: |
-          echo "Loading cached images..."
-          for f in /tmp/docker-cache/*.tar.zst; do
-            zstd -d -c "$f" | docker load &
-          done
-          wait
-          docker images
-
-      - name: Pull and save Docker images
-        if: steps.docker-cache.outputs.cache-hit != 'true'
-        run: |
-          mkdir -p /tmp/docker-cache
-
-          echo "Pulling images in parallel..."
-          docker pull $MONGO_IMAGE &
-          docker pull $REDIS_IMAGE &
-          docker pull $KAFKA_IMAGE &
-          docker pull $SCHEMA_REGISTRY_IMAGE &
-          wait
-
-          echo "Saving images with zstd compression..."
-          docker save $MONGO_IMAGE | zstd -T0 -3 > /tmp/docker-cache/mongo.tar.zst &
-          docker save $REDIS_IMAGE | zstd -T0 -3 > /tmp/docker-cache/redis.tar.zst &
-          docker save $KAFKA_IMAGE | zstd -T0 -3 > /tmp/docker-cache/kafka.tar.zst &
-          docker save $SCHEMA_REGISTRY_IMAGE | zstd -T0 -3 > /tmp/docker-cache/schema-registry.tar.zst &
-          wait
-
-          echo "Cache size:"
-          du -sh /tmp/docker-cache/
-      # ==========================================
+          images: ${{ env.MONGO_IMAGE }} ${{ env.REDIS_IMAGE }} ${{ env.KAFKA_IMAGE }} ${{ env.SCHEMA_REGISTRY_IMAGE }}
 
       - name: Set up uv
         uses: astral-sh/setup-uv@v7
@@ -263,7 +188,6 @@ jobs:
           SCHEMA_SUBJECT_PREFIX: "ci.${{ github.run_id }}."
           KUBECONFIG: /home/runner/.kube/config
           K8S_NAMESPACE: integr8scode
-          COVERAGE_CORE: sysmon
         run: |
           cd backend
           uv run pytest tests/integration/k8s -v -rs \

backend/pyproject.toml

@@ -208,3 +208,8 @@ log_cli = false
 log_cli_level = "ERROR"
 log_level = "ERROR"
 addopts = "-n 4 --dist loadfile --tb=short -q --no-header -q"
+
+# Coverage configuration
+[tool.coverage.run]
+# Use sysmon for faster coverage (requires Python 3.12+)
+core = "sysmon"

backend/tests/conftest.py

@@ -128,7 +128,15 @@ def create_test_app():
 # ===== App without lifespan for tests =====
 @pytest_asyncio.fixture(scope="session")
 async def app():
-    """Create FastAPI app once per session/worker to avoid Pydantic schema crashes."""
+    """Create FastAPI app once per session/worker.
+
+    Session-scoped to avoid Pydantic schema validator memory issues when
+    FastAPI recreates OpenAPI schemas hundreds of times with pytest-xdist.
+    See: https://github.com/pydantic/pydantic/issues/1864
+
+    Note: Tests must not modify app.state or registered routes.
+    Use function-scoped `client` fixture for test isolation.
+    """
     application = create_test_app()
 
     yield application
@@ -201,7 +209,7 @@ async def _http_login(client: httpx.AsyncClient, username: str, password: str) -
 
 # Session-scoped shared users for convenience
 @pytest.fixture(scope="session")
-def shared_user_credentials():
+def test_user_credentials():
     uid = os.environ.get("PYTEST_SESSION_ID", uuid.uuid4().hex[:8])
     return {
         "username": f"test_user_{uid}",
@@ -212,7 +220,7 @@ def shared_user_credentials():
 
 
 @pytest.fixture(scope="session")
-def shared_admin_credentials():
+def test_admin_credentials():
     uid = os.environ.get("PYTEST_SESSION_ID", uuid.uuid4().hex[:8])
     return {
         "username": f"admin_user_{uid}",
@@ -223,22 +231,23 @@ def shared_admin_credentials():
 
 
 @pytest_asyncio.fixture
-async def shared_user(client: httpx.AsyncClient, shared_user_credentials):
-    creds = shared_user_credentials
-    # Always attempt to register; DB is wiped after each test
+async def test_user(client: httpx.AsyncClient, test_user_credentials):
+    """Function-scoped authenticated user. Recreated each test (DB wiped between tests)."""
+    creds = test_user_credentials
     r = await client.post("/api/v1/auth/register", json=creds)
     if r.status_code not in (200, 201, 400):
-        pytest.skip(f"Cannot create shared user (status {r.status_code}).")
+        pytest.skip(f"Cannot create test user (status {r.status_code}).")
     csrf = await _http_login(client, creds["username"], creds["password"])
     return {**creds, "csrf_token": csrf, "headers": {"X-CSRF-Token": csrf}}
 
 
 @pytest_asyncio.fixture
-async def shared_admin(client: httpx.AsyncClient, shared_admin_credentials):
-    creds = shared_admin_credentials
+async def test_admin(client: httpx.AsyncClient, test_admin_credentials):
+    """Function-scoped authenticated admin. Recreated each test (DB wiped between tests)."""
+    creds = test_admin_credentials
     r = await client.post("/api/v1/auth/register", json=creds)
     if r.status_code not in (200, 201, 400):
-        pytest.skip(f"Cannot create shared admin (status {r.status_code}).")
+        pytest.skip(f"Cannot create test admin (status {r.status_code}).")
     csrf = await _http_login(client, creds["username"], creds["password"])
     return {**creds, "csrf_token": csrf, "headers": {"X-CSRF-Token": csrf}}
 

backend/tests/integration/test_admin_routes.py

@@ -27,12 +27,12 @@ async def test_get_settings_requires_auth(self, client: AsyncClient) -> None:
         assert "not authenticated" in error["detail"].lower() or "unauthorized" in error["detail"].lower()
 
     @pytest.mark.asyncio
-    async def test_get_settings_with_admin_auth(self, client: AsyncClient, shared_admin: Dict[str, str]) -> None:
+    async def test_get_settings_with_admin_auth(self, client: AsyncClient, test_admin: Dict[str, str]) -> None:
         """Test getting system settings with admin authentication."""
         # Login and get cookies
         login_data = {
-            "username": shared_admin["username"],
-            "password": shared_admin["password"]
+            "username": test_admin["username"],
+            "password": test_admin["password"]
         }
         login_response = await client.post("/api/v1/auth/login", data=login_data)
         assert login_response.status_code == 200
@@ -68,12 +68,12 @@ async def test_get_settings_with_admin_auth(self, client: AsyncClient, shared_ad
         assert settings.monitoring_settings.sampling_rate == 0.1
 
     @pytest.mark.asyncio
-    async def test_update_and_reset_settings(self, client: AsyncClient, shared_admin: Dict[str, str]) -> None:
+    async def test_update_and_reset_settings(self, client: AsyncClient, test_admin: Dict[str, str]) -> None:
         """Test updating and resetting system settings."""
         # Login as admin
         login_data = {
-            "username": shared_admin["username"],
-            "password": shared_admin["password"]
+            "username": test_admin["username"],
+            "password": test_admin["password"]
         }
         login_response = await client.post("/api/v1/auth/login", data=login_data)
         assert login_response.status_code == 200
@@ -125,12 +125,12 @@ async def test_update_and_reset_settings(self, client: AsyncClient, shared_admin
         assert reset_settings.monitoring_settings.log_level == "INFO"
 
     @pytest.mark.asyncio
-    async def test_regular_user_cannot_access_settings(self, client: AsyncClient, shared_user: Dict[str, str]) -> None:
+    async def test_regular_user_cannot_access_settings(self, client: AsyncClient, test_user: Dict[str, str]) -> None:
         """Test that regular users cannot access admin settings."""
         # Login as regular user
         login_data = {
-            "username": shared_user["username"],
-            "password": shared_user["password"]
+            "username": test_user["username"],
+            "password": test_user["password"]
         }
         login_response = await client.post("/api/v1/auth/login", data=login_data)
         assert login_response.status_code == 200
@@ -149,12 +149,12 @@ class TestAdminUsers:
     """Test admin user management endpoints against real backend."""
 
     @pytest.mark.asyncio
-    async def test_list_users_with_pagination(self, client: AsyncClient, shared_admin: Dict[str, str]) -> None:
+    async def test_list_users_with_pagination(self, client: AsyncClient, test_admin: Dict[str, str]) -> None:
         """Test listing users with pagination."""
         # Login as admin
         login_data = {
-            "username": shared_admin["username"],
-            "password": shared_admin["password"]
+            "username": test_admin["username"],
+            "password": test_admin["password"]
         }
         login_response = await client.post("/api/v1/auth/login", data=login_data)
         assert login_response.status_code == 200
@@ -188,12 +188,12 @@ async def test_list_users_with_pagination(self, client: AsyncClient, shared_admi
             assert "updated_at" in user
 
     @pytest.mark.asyncio
-    async def test_create_and_manage_user(self, client: AsyncClient, shared_admin: Dict[str, str]) -> None:
+    async def test_create_and_manage_user(self, client: AsyncClient, test_admin: Dict[str, str]) -> None:
         """Test full user CRUD operations."""
         # Login as admin
         login_data = {
-            "username": shared_admin["username"],
-            "password": shared_admin["password"]
+            "username": test_admin["username"],
+            "password": test_admin["password"]
         }
         login_response = await client.post("/api/v1/auth/login", data=login_data)
         assert login_response.status_code == 200
@@ -257,12 +257,12 @@ class TestAdminEvents:
     """Test admin event management endpoints against real backend."""
 
     @pytest.mark.asyncio
-    async def test_browse_events(self, client: AsyncClient, shared_admin: Dict[str, str]) -> None:
+    async def test_browse_events(self, client: AsyncClient, test_admin: Dict[str, str]) -> None:
         """Test browsing events with filters."""
         # Login as admin
         login_data = {
-            "username": shared_admin["username"],
-            "password": shared_admin["password"]
+            "username": test_admin["username"],
+            "password": test_admin["password"]
         }
         login_response = await client.post("/api/v1/auth/login", data=login_data)
         assert login_response.status_code == 200
@@ -291,12 +291,12 @@ async def test_browse_events(self, client: AsyncClient, shared_admin: Dict[str,
         assert data["total"] >= 0
 
     @pytest.mark.asyncio
-    async def test_event_statistics(self, client: AsyncClient, shared_admin: Dict[str, str]) -> None:
+    async def test_event_statistics(self, client: AsyncClient, test_admin: Dict[str, str]) -> None:
         """Test getting event statistics."""
         # Login as admin
         login_data = {
-            "username": shared_admin["username"],
-            "password": shared_admin["password"]
+            "username": test_admin["username"],
+            "password": test_admin["password"]
         }
         login_response = await client.post("/api/v1/auth/login", data=login_data)
         assert login_response.status_code == 200
@@ -324,10 +324,10 @@ async def test_event_statistics(self, client: AsyncClient, shared_admin: Dict[st
             assert data["error_rate"] >= 0.0
 
     @pytest.mark.asyncio
-    async def test_admin_events_export_csv_and_json(self, client: AsyncClient, shared_admin: Dict[str, str]) -> None:
+    async def test_admin_events_export_csv_and_json(self, client: AsyncClient, test_admin: Dict[str, str]) -> None:
         """Export admin events as CSV and JSON and validate basic structure."""
         # Login as admin
-        login_data = {"username": shared_admin["username"], "password": shared_admin["password"]}
+        login_data = {"username": test_admin["username"], "password": test_admin["password"]}
         login_response = await client.post("/api/v1/auth/login", data=login_data)
         assert login_response.status_code == 200
 
@@ -352,10 +352,10 @@ async def test_admin_events_export_csv_and_json(self, client: AsyncClient, share
 
     @pytest.mark.asyncio
     async def test_admin_user_rate_limits_and_password_reset(self, client: AsyncClient,
-                                                             shared_admin: Dict[str, str]) -> None:
+                                                             test_admin: Dict[str, str]) -> None:
         """Create a user, manage rate limits, and reset password via admin endpoints."""
         # Login as admin
-        login_data = {"username": shared_admin["username"], "password": shared_admin["password"]}
+        login_data = {"username": test_admin["username"], "password": test_admin["password"]}
         login_response = await client.post("/api/v1/auth/login", data=login_data)
         assert login_response.status_code == 200